POC Android botnet – Command and Control Channel over SMS

Posted: April 2, 2012 in Analysis


To avoid detection, this proof-of-concept code uses the Short Message Service (SMS) as its command & control channel. This also adds fault tolerance: if a smartphone is unavailable on the GSM network when an SMS message arrives for delivery, because it is powered off or out of service range, the network queues the message and delivers it later.
Compiling instructions are simple and straightforward. Please follow these:

  • Compile with arm-gcc with the -static flag set
  • Copy to anywhere on the underlying OS that is writable (/data/ is good).
  • Rename /dev/smd0/ to /dev/smd0real/
  • Start the bot application
  • Kill the radio application (ps | grep rild)
  • The radio will automatically respawn and now the bot proxy will be working
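
From the defender's side, the steps above leave artifacts that can be checked for on a device. The following shell check is an added example, not part of the PoC or of the original post; `check_smd_proxy`, `RUN_CHECK` and the `FINDING` line format are hypothetical names, and it assumes the proxy's stand-in at `/dev/smd0` is something other than the original character device.

```shell
#!/bin/sh
# Added example (not from the PoC): look for the /dev/smd0 swap described above.
# check_smd_proxy, RUN_CHECK and the FINDING line format are hypothetical names.
# Both roots are parameters so the check also runs on a constructed tree.

check_smd_proxy() {
    dev_root="${1:-/dev}"
    proc_root="${2:-/proc}"
    findings=0

    # Indicator from the page: the modem node has been renamed to smd0real.
    if [ -e "$dev_root/smd0real" ] || [ -L "$dev_root/smd0real" ]; then
        echo "FINDING: $dev_root/smd0real exists (renamed modem node)"
        findings=$((findings + 1))
    fi

    # Assumption: a proxy's stand-in at smd0 is a symlink, socket, FIFO or
    # regular file rather than the original character device.
    if [ -L "$dev_root/smd0" ] ||
       { [ -e "$dev_root/smd0" ] && [ ! -c "$dev_root/smd0" ]; }; then
        echo "FINDING: $dev_root/smd0 is not a plain character device"
        findings=$((findings + 1))
    fi

    # Any process holding smd0real open is the candidate proxy.
    for fd in "$proc_root"/[0-9]*/fd/*; do
        [ -L "$fd" ] || continue          # unmatched glob or unreadable entry
        case "$(readlink "$fd")" in
            */smd0real)
                pid=${fd#"$proc_root"/}
                pid=${pid%%/*}
                echo "FINDING: pid $pid holds smd0real open"
                findings=$((findings + 1))
                ;;
        esac
    done

    [ "$findings" -eq 0 ]   # status 0 = clean, 1 = at least one finding
}

# Run against the live system only when asked, e.g. RUN_CHECK=1 sh check.sh
if [ "${RUN_CHECK:-0}" = 1 ]; then
    check_smd_proxy "$@" || echo "device node layout needs investigation"
fi
```

Reading other processes' `/proc/<pid>/fd` entries requires root on the device; without it the third check only sees the caller's own processes.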

The PoC code for smartphone botnet C&C over SMS was presented at ShmooCon, held in January 2011. It seems that the author also has it working on the iPhone platform! For sanity purposes, the PoC code has its payloads (aka commands) removed, so what you see in the demo video will need to be added manually. It does, however, include logging and a local open port for testing, to make developing your own payloads easier! This is the demo video:

  1. chathux2 says:

    I witnessed this PoC while Georgia Weidman demonstrated it at Hacker Halted 2011.
